Hoisting dependencies with peerDependencies can lead to unmet peer dependencies #19877
Comments
NPM hoists dependencies with peerDeps of their own, leading to unmet peer dependencies. See angular#9691 (comment) and npm/npm#19877 for more information.
NPM hoists dependencies with peerDeps of their own, leading to unmet peer dependencies. This workaround should be safe for now since the only two packages that depend on `ajv-keywords@3.1.0` are `webpack` and `schema-utils`. See angular#9691 (comment) and npm/npm#19877 for more information. Fix angular#9691.
NPM hoists dependencies with peerDeps of their own, leading to unmet peer dependencies. This workaround should be safe for now since the only two packages that depend on `ajv-keywords@3.1.0` are `webpack` and `schema-utils`. See #9691 (comment) and npm/npm#19877 for more information. Fix #9691.
I have also created a simplified reproduction of this issue: @peer-deps-repro/main This looks like another example of #15708
@bjornstar it does look like the same, yes. I added a comment there.
We encountered this issue in ESLint too: eslint/eslint#10022
Encountered this issue in standard too: standard/standard#1078 (comment)
This has been the case for a while -- the npm hoisting algorithm doesn't currently consider whether a package's peer dependencies will be satisfied when hoisting it. There was a quick/dirty fix in npm 5.2.0 but it was rolled back in 5.3.0 because they wanted to fix it properly & the naive fix broke users with questionable dependency workflows. It's an uncommon scenario but once in a while it comes up in a popular package (in this case, eslint). The npm CLI team is aware of it.
It's also possible to hit this with
This will cause
Tested with
Works correctly with
I see the red highlight on this part:
and this message in the end:
* Update dependency versions of packages to be consistent
* Update packages to avoid security warnings
* Add ajv to dependencies to avoid bug npm/npm#19877
* Remove unnecessary package-lock.json files
I'm opening this issue because:
What's going wrong?
There seems to be a problem with how `npm@5.6.0` hoists dependencies that have peer dependencies.
I have prepared a repro at https://github.com/filipesilva/ajv-peerdep-issue. Running `npm install` in this repository will show the following warning:
The following dependencies are relevant: `ajv@5.5.2` and `webpack@3.11.0`. `webpack@3.11.0` depends on `ajv@^6.1.0` and `ajv-keywords@^3.1.0`. `ajv-keywords@3.1.0` has a peer dependency on `ajv@^6.0.0`.
When `npm` resolves these dependencies they end up looking like this:
This is a problem because the hoisted `ajv-keywords@3.1.0` will not have its peer dependency on `ajv@^6.0.0` met.
How can the CLI team reproduce the problem?
supporting information:
`npm -v` prints: 5.6.0
`node -v` prints: 8.9.4
`npm config get registry` prints: https://registry.npmjs.org/
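
The hoisting problem reported in this issue can be checked mechanically. The following is an added example, not code from npm or from the issue author: it models an installed tree as nested objects, resolves each peer dependency the way Node's module lookup would (nearest `node_modules` first), and reports peers that resolve to a missing or out-of-range version. The names `hoistedTree` and `nestedTree`, the nested `ajv` version 6.1.0, and the simplified caret matcher are assumptions made for illustration.

```javascript
// Constructed layouts; the nested ajv version 6.1.0 is a sample value.
const ajvKeywords = { version: '3.1.0', peerDependencies: { ajv: '^6.0.0' } };
const hoistedTree = { children: {          // ajv-keywords hoisted to the top level
  'ajv': { version: '5.5.2' },
  'ajv-keywords': ajvKeywords,
  'webpack': { version: '3.11.0', children: { 'ajv': { version: '6.1.0' } } },
} };
const nestedTree = { children: {           // ajv-keywords kept next to webpack's ajv
  'ajv': { version: '5.5.2' },
  'webpack': { version: '3.11.0', children: {
    'ajv': { version: '6.1.0' }, 'ajv-keywords': ajvKeywords } },
} };

// Simplified matcher: handles only "^X.Y.Z" with X >= 1, not full semver.
function satisfiesCaret(version, range) {
  const want = range.replace(/^\^/, '').split('.').map(Number);
  const have = version.split('.').map(Number);
  if (have[0] !== want[0]) return false;
  if (have[1] !== want[1]) return have[1] > want[1];
  return have[2] >= want[2];
}

// Node-style lookup: search each directory's node_modules, nearest first.
function resolveFrom(chain, name) {
  for (let i = chain.length - 1; i >= 0; i--) {
    const hit = (chain[i].children || {})[name];
    if (hit) return hit;
  }
  return null;
}

// Walk every installed package and collect peers that are missing or out of range.
function findUnmetPeers(node, ancestors = [], path = '', out = []) {
  const chain = [...ancestors, node];
  for (const [name, child] of Object.entries(node.children || {})) {
    const at = `${path}node_modules/${name}`;
    for (const [peer, range] of Object.entries(child.peerDependencies || {})) {
      const found = resolveFrom([...chain, child], peer);
      if (!found || !satisfiesCaret(found.version, range)) {
        out.push({ package: `${name}@${child.version}`, at, peer, range,
                   found: found ? found.version : null });
      }
    }
    findUnmetPeers(child, chain, `${at}/`, out);
  }
  return out;
}

console.log(findUnmetPeers(hoistedTree));  // one unmet peer
console.log(findUnmetPeers(nestedTree));   // none
```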